Luke Lucas, Cobweb Managed Services Senior Engineer, writes …
Yesterday, I had an email from one of our Microsoft 365 Managed Services customers, asking me for advice for users working from home.
We thought my reply might be useful for all to see.
To begin with, though, if you’re unfamiliar with Microsoft 365, the solution incorporates Microsoft’s productivity suite, Office 365, the operating platform, Windows 10, and security solution Enterprise Mobility + Security (EM+S). And, with Cobweb’s Managed Services wrap, customers hand over management of the solution to us, with services including active monitoring and proactive support.
Yesterday, the question from our customer’s COO (Chief Operating Officer) centred around security in particular. Below is my reply to her:
Your company is in good stead because you have moved to Microsoft 365
Many companies without a ‘modern workplace’ solution will currently be facing difficulties in enabling users to access resources and in making sure their connections are secure - you do not need to worry about this at all.
It makes no difference if your users are in the office or working from home... which is great!
Your staff are getting the same work experience on their laptops as in the office (although, not including use of local resources, such as printers, of course.) Their computers will connect to the Office 365/Microsoft servers just as if they were in the office. The same policies will apply, and the same features are available to them.
The connection to your tenant will still be a secure sockets layer connection, which means the traffic to and from it is encrypted, as it always is.
With that being said, it’s always good to give out and repeat advice to users regarding security, and the points listed below are generally accepted as good practice in the industry.
Preventing a rise in Shadow IT
Shadow IT is when users perform business tasks using applications and services of which business leaders and IT departments are not aware. This poses a high risk, because the business is unable to protect either users or data.
Key messages to convey to users include:
· Ensure they continue to use and only use official business applications for work. This means they should use Teams, OneDrive, SharePoint, and Office applications, plus their other line of business solutions, as they would in the office.
· Use Teams or Skype for chat, and ensure that all conversational exchange is kept within an organisational Microsoft tenant. Refrain from using social media or other consumer services for business communications (unless that’s the only way to get hold of someone.)
· Do NOT start using consumer file sharing services such as Google Drive, WhatsApp, Dropbox, etc.
Continue to secure identity
The strongest protection today for user identity is multi-factor authentication (MFA).
With an increase in the number of users working remotely - and particularly if users are finding themselves having to cope with a greater workload as customer requirements ramp up in response to the situation - the temptation can be to relax MFA requirements, so users don’t need to authenticate so often, or at all.
The key message to users:
· MFA measures - such as using an app or text to a phone to confirm login from home - protect user identity. Cyber criminals, such as scammers and hackers, are well known to take advantage of world events and change such as we’re experiencing today. So, it’s important to continue to use multi-factor authentication. It may seem a pain on occasions - but it’s more important than ever at this time.
Keeping your devices up to date and connected
You’ll want to ensure that your users are regularly connecting their devices to the internet, and in turn keeping them connected to your organisation.
Important Windows security updates and security policies are managed by Intune and other services, depending on your set-up.
Periods of offline activity are fine, but encourage people to get their devices to check in with the service daily.
The key messages:
· A user’s computer needs to check in every now and then with your business to stay healthy and secure. Offline working is OK, but try and ensure that each machine is connected to the internet at least once a day, to check in and receive important security updates.
· Your users may find it useful to ‘tether’ their laptop/PC to their mobile phone’s data connection in case their home internet becomes unavailable. Users should check with their IT contact if they need assistance with this.
Be vigilant and communicate
Users need to be hyper-vigilant when it comes to receiving unusual requests, and in particular those that break company policy, or where emotive language or badly written text is used in emails and chats, as these can be the hallmark of the work of cyber criminals.
Encourage users to be extra vigilant and raise any concerns.
Your users might also be facing issues regarding how they work in this new situation. It’s important to encourage them to raise any technical or logistical issues, or security concerns, with you. This prevents users taking matters into their own hands, which often results in the use of Shadow IT or attempts to relax or remove the usual business and security processes.
The message for your users:
· When working remotely, be extra vigilant when dealing with requests received from sources originating from both inside and outside the business.
· Watch out for emotive language and requests that don’t comply with standard business policy.
· Ensure they raise any technical or logistical issues regarding work activities with their IT contact, and are not tempted to take matters into their own hands – technical solutions are available and can be implemented for every situation.
I hope the above is of use to you. If you’d like any other information about how best to support your users while working from home at this difficult time, we’ll be happy to help.